[Snyk] Fix for 7 vulnerabilities #529

ekmixon · 2023-11-28T21:53:37Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- ui/packages/consul-ui/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @hashicorp/ember-cli-api-double

The new version differs by 2 commits.

bc0b308 Bump from 3.1.2 to 4.0.0
c384558 Upgrade: v3.15.2...v4.6.0 (build(deps-dev): bump prettier from 2.2.1 to 2.4.1 in /website #24)

See the full diff

Package name: ember-changeset-validations

The new version differs by 88 commits.

33fa329 4.0.0
7da54cd 4.0.0-beta.3
ba57aa6 Bump to latest (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.86 #341)
b221b25 chore: bump ember-validators (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.85 #340)
2b87c20 Move `ember-changeset` to `devDependencies` (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.83 #338)
9498698 Remove deprecated usage of assign (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.84 #339)
cc7c702 Bump `@ embroider/*` dependencies to v1 (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.81 #335)
055bff1 Allow ember-get-config v1 (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.82 #337)
55341eb 4.0.0-beta.2
a454909 Update deps to 4.0.0-beta.1 (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.80 #334)
8872686 Update Build Status badge: Travis -> GH Actions (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.76 #331)
d66f290 Update npmignore file (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.75 #330)
7f5b7ec Add v4.0.0-beta.0 and v4.0.0-beta.1 to changelog (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.73 #329)
165c89e 4.0.0-beta.1
11ef275 Remove changeset template helper re-export (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.70 #326)
81fb99f 4.0.0-beta.0
c62e20c ember-changeset beta.0 (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.72 #328)
ad6f6e1 Allow v0.3, v0.4 and v0.5 of ember-get-config (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.71 #327)
ff86a32 Run ember-cli-update to v3.28.3 and enable Ember v4/embroider scenarios (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.69 #325)
01a404d Upgrade ember-auto-import to v2 (Configure Mend Bolt for GitHub #324)
78cc926 Update eslint-plugin-ember, fix lint, run blueprint tests in CI (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.68 #323)
f75f739 Update ember-template-lint and fix lint issues (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.67 #322)
fe32964 Drop Node.js v10 support (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.66 #321)
589b7e5 Upgrade eslint-plugin-qunit to v7 (build(deps): bump github.com/shirou/gopsutil/v3 from 3.20.10 to 3.22.7 #320)

See the full diff

Package name: ember-cli

The new version differs by 250 commits.

023da4a update changelog
019f35f Merge branch 'beta' into release
2ea7289 Merge pull request Update Kubernetes docs to point to install pages. hashicorp/consul#10293 from kellyselden/update_stable_deps
2e9404b update stable deps
becf618 Widen peer dependency range for ember-source
680711f Merge pull request [1.9.x] agent: ensure we hash the non-deprecated upstream fields on ServiceConfigRequest hashicorp/consul#10244 from kategengler/kg-update-preprocess-reg
67a9873 Update ember-cli-preprocess-registry to a version that restores the
4ab2837 Delete unit tests that no longer make sense
942e69b Update ember-cli-preprocess-registry and add ember-cli-clean-css to the
3efe18f Merge branch 'release' into beta
c0935c0 Release 4.12.1
c5fef60 update changelog
83d3655 Merge pull request Updates AlertBanner for HashiConf EU hashicorp/consul#10251 from bertdeblock/remove-stylelint-config-prettier
ffc768b Remove `stylelint-config-prettier` from `app` blueprint
1ac4bae Release 5.0.0-beta.0
956824e fix changelog
1f5c6a4 Release 4.13.0-beta.0
b0232a7 update changelog
ce910a2 Merge branch 'master' into beta
132f0cd Merge branch 'beta'
dcdfdf0 Merge branch 'release' into beta
fddde7a Release 4.12.0
0160a2c update changelog
60c0ba8 Merge branch 'beta' into release

See the full diff

Package name: ember-cli-app-version

The new version differs by 96 commits.

3600865 Release 4.0.0
bf6be87 Re-roll yarn.lock.
4961759 Update to latest allowed versions of dependencies.
ec33b92 Add automated release setup.
15a23fe Merge pull request build(deps): bump github.com/stretchr/testify from 1.4.0 to 1.8.0 in /api #295 from nlfurniss/upgrade-ember-cli-babel
1b5e85a upgrade ember-cli-babel to ^7.0.0
2ae42c5 [Security] Bump websocket-extensions from 0.1.3 to 0.1.4
11d038f [Security] Bump eslint-utils from 1.3.1 to 1.4.2
fa35bc1 Bump ember-resolver from 5.1.3 to 5.2.0
0aff26b [Security] Bump lodash from 4.17.11 to 4.17.14
9234fa4 [Security] Bump lodash.merge from 4.6.1 to 4.6.2
9f84b74 Bump eslint-plugin-ember from 6.7.0 to 6.7.1
3808ee0 Bump ember-cli-htmlbars from 3.0.1 to 3.1.0
ad459b9 Bump ember-source from 3.10.2 to 3.11.1 (build(deps-dev): bump lint-staged from 10.5.4 to 12.3.4 in /ui #152)
d943312 Bump eslint-plugin-ember from 6.6.0 to 6.7.0
5901b27 Bump ember-source from 3.10.1 to 3.10.2
c8c8f4c Bump eslint-plugin-ember from 6.5.1 to 6.6.0
93eb71d Bump ember-source from 3.10.0 to 3.10.1
3c61e7b Bump eslint-plugin-ember from 6.5.0 to 6.5.1
3e27332 Bump eslint-plugin-ember from 6.4.1 to 6.5.0
922ac3e Bump ember-cli-dependency-checker from 3.1.0 to 3.2.0
6b6ae2a Bump ember-try from 1.1.0 to 1.2.1
f5b36cb Bump ember-source from 3.9.1 to 3.10.0
f22cc60 [Security] Bump tar from 4.4.1 to 4.4.8

See the full diff

Package name: ember-cli-yadda

The new version differs by 173 commits.

30a2631 Update Readme
ba45cb5 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.15 #246 from kaliber5/eai2
0ccefca Add qunit to dependencies to allow importing w/ Embroider/eai v2
10f00e5 Fix embroider config
aba4ba0 Don't fail fast in CI
1ddcbd6 Update to ember-auto-import v2
4802dee Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.17 #248 from kaliber5/update
64ddb05 Update Ember to 3.28, drop support for 3.16
20f14f4 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.16 #247 from kaliber5/drop-node10
a0e28be Drop node 10 support
c9f920f Merge pull request [Snyk] Security upgrade doctoc from 2.0.0 to 2.2.0 #232 from kaliber5/dependabot/npm_and_yarn/eslint-7.30.0
f414878 Bump eslint from 7.29.0 to 7.30.0
9765b68 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.3 #227 from kaliber5/dependabot/npm_and_yarn/release-it-14.10.0
a2e7d91 Bump release-it from 14.9.0 to 14.10.0
138d365 Merge pull request build(deps): bump cross-fetch from 3.1.4 to 3.1.5 in /website #226 from kaliber5/dependabot/npm_and_yarn/broccoli-funnel-3.0.8
11f1211 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.0 #222 from kaliber5/dependabot/npm_and_yarn/eslint-7.29.0
9fa015b Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.43.44 #220 from kaliber5/dependabot/npm_and_yarn/ember-cli-inject-live-reload-2.1.0
b876415 Bump broccoli-funnel from 3.0.7 to 3.0.8
10d8599 Bump eslint from 7.28.0 to 7.29.0
3e86977 Bump ember-cli-inject-live-reload from 2.0.2 to 2.1.0
d94d980 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.43.43 #218 from kaliber5/dependabot/npm_and_yarn/release-it-14.9.0
2d1198d Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.43.42 #216 from kaliber5/dependabot/npm_and_yarn/broccoli-funnel-3.0.7
d914566 Bump release-it from 14.8.0 to 14.9.0
24a82bb Bump broccoli-funnel from 3.0.6 to 3.0.7

See the full diff

Package name: ember-collection

The new version differs by 58 commits.

069a374 Release 3.0.0
e69bdab Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.43.26 #192 from adopted-ember-addons/dependabot/npm_and_yarn/http-proxy-1.18.1
4a002ca Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.43.25 #191 from adopted-ember-addons/dependabot/npm_and_yarn/websocket-extensions-0.1.4
475f559 Merge pull request build(deps-dev): bump doctoc from 2.0.0 to 2.2.0 in /ui #234 from adopted-ember-addons/dependabot/npm_and_yarn/ini-1.3.8
03019fb Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.43.33 #202 from adopted-ember-addons/dependabot/npm_and_yarn/ssri-7.1.1
e208f84 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.43.34 #203 from adopted-ember-addons/dependabot/npm_and_yarn/glob-parent-5.1.2
57187e0 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.6 #233 from adopted-ember-addons/dependabot/npm_and_yarn/y18n-4.0.3
feb1042 Merge pull request build(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 in /api #206 from adopted-ember-addons/dependabot/npm_and_yarn/path-parse-1.0.7
5053288 Bump http-proxy from 1.18.0 to 1.18.1
6c2bf60 Bump websocket-extensions from 0.1.3 to 0.1.4
8fc460f Bump ini from 1.3.5 to 1.3.8
fb2e2aa Bump y18n from 4.0.0 to 4.0.3
4a5ef6c Bump ssri from 7.1.0 to 7.1.1
fdbec9f Bump glob-parent from 5.1.1 to 5.1.2
3965138 Bump path-parse from 1.0.6 to 1.0.7
4eb435c Merge pull request [Snyk] Security upgrade doctoc from 2.0.0 to 2.2.0 #232 from adopted-ember-addons/dependabot/npm_and_yarn/http-cache-semantics-4.1.1
a92d5a9 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.5 #231 from adopted-ember-addons/dependabot/npm_and_yarn/engine.io-6.4.2
4e6113b Merge pull request build(deps): bump github.com/shirou/gopsutil/v3 from 3.20.10 to 3.22.4 #228 from adopted-ember-addons/dependabot/npm_and_yarn/babel/traverse-7.23.2
bdc4b25 Merge pull request build(deps): bump react-device-detect from 1.17.0 to 2.2.2 in /website #208 from adopted-ember-addons/dependabot/npm_and_yarn/tmpl-1.0.5
cc66045 Merge pull request build(deps-dev): bump lint-staged from 10.5.4 to 12.4.1 in /ui #230 from adopted-ember-addons/dependabot/npm_and_yarn/handlebars-4.7.8
7a08e6d Bump http-cache-semantics from 4.1.0 to 4.1.1
307b341 Merge pull request build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.5.0 in /api #217 from adopted-ember-addons/dependabot/npm_and_yarn/decode-uri-component-0.2.2
8d1ccf3 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.4 #229 from adopted-ember-addons/dependabot/npm_and_yarn/underscore-1.13.6
d042d27 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.3 #227 from adopted-ember-addons/dependabot/npm_and_yarn/word-wrap-1.2.5

See the full diff

Package name: ember-in-viewport

The new version differs by 10 commits.

7e4c343 4.0.0
3fb3fee Add 3.28 to test suite (build(deps-dev): bump lint-staged from 10.5.4 to 13.0.3 in /ui #291)
dfccb5f Add 3.28 testing scenario (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.42 #290)
f4d7efb Bump ember-modifier to v3 and allow either v2 or v3 (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.41 #289)
6647939 Update Build Status badge: Travis -> GH Actions (build(deps): bump github.com/stretchr/testify from 1.4.0 to 1.7.5 in /api #288)
c59ef64 Update npmignore file (build(deps): bump github.com/stretchr/testify from 1.4.0 to 1.7.5 in /sdk #287)
2727354 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.39 #285 from SergeAstapov/ember-auto-import-v2
12d81bd Add changelog via lerna-changelog (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.38 #284)
3f2538e Upgrade ember-auto-import to v2
4dea913 Run ember-cli-update to v3.28.2 and make CI green

See the full diff

Package name: ember-maybe-import-regenerator

The new version differs by 65 commits.

21520c7 release v1.0.0 🎉
2fb6b26 re-roll lockfile
72ff126 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.41.4 #52 from rwjblue/patch-1
c513398 Remove Node 10 references from CI
fd026bf don't add another dep to itself (ember-addons already do this)
927d105 fix readme
46c9615 upgrade ember-cli and drop node 10
83e6219 re-roll lockfile
67c3e16 Update README.md
8fe06b8 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.41.1 #48 from machty/dependabot/npm_and_yarn/underscore-1.13.1
25dadd7 Merge pull request build(deps-dev): bump doctoc from 2.0.0 to 2.1.0 in /ui #49 from machty/dependabot/npm_and_yarn/hosted-git-info-2.8.9
32499c4 Merge pull request build(deps-dev): bump lint-staged from 10.5.4 to 11.2.3 in /ui #46 from machty/dependabot/npm_and_yarn/handlebars-4.7.7
6ab52d7 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.40.59 #45 from machty/dependabot/npm_and_yarn/ssri-6.0.2
0ae8c35 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.41.0 #47 from machty/dependabot/npm_and_yarn/lodash-4.17.21
8eca454 Merge pull request build(deps): bump github.com/shirou/gopsutil/v3 from 3.20.10 to 3.21.9 #38 from machty/dependabot/npm_and_yarn/path-parse-1.0.7
ad27f16 Bump path-parse from 1.0.6 to 1.0.7
33b5b48 Bump hosted-git-info from 2.8.8 to 2.8.9
0474ab1 Bump underscore from 1.10.2 to 1.13.1
b67a6ab Bump lodash from 4.17.19 to 4.17.21
2069dae Bump handlebars from 4.7.6 to 4.7.7
73e62cc Bump ssri from 6.0.1 to 6.0.2
a07ac92 Merge pull request build(deps): bump github.com/hashicorp/consul/sdk from 0.7.0 to 0.8.0 in /api #23 from jrjohnson/update-ember-cli-3.19
91671b0 Update Ember v3.10.0...v3.19.0
7a3c6be Merge pull request build(deps-dev): bump ember-data-model-fragments from 5.0.0-beta.0 to 5.0.0-beta.2 in /ui #28 from machty/dependabot/npm_and_yarn/socket.io-2.4.1

See the full diff

Package name: ember-modifier

The new version differs by 43 commits.

4cf0673 Release 3.0.0
24a6127 Correct the supported TS versions list
a8bb5f8 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.21 #104 from ember-modifier/tweak-CI
25c6903 chore: run TS compat independent of tests
479180b Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.20 #103 from ember-modifier/freshen-other-deps
d1f4854 chore: latest expect-type (no changes required!)
480d18c chore: latest Prettier (no changes required!)
1f9971c chore: update most other dependencies to latest
ae6a200 chore: drop a number of defunct dependencies
3c65f95 Merge pull request build(deps-dev): bump prettier from 2.2.1 to 2.5.1 in /website #101 from ember-modifier/update-lint-config
a458562 Revert to ember-cli-htmlbars@5 to get correct babel-plugin-ember-template-compilation
acbcde6 Ignore Babel config for build; use it only for lint
93e9763 Don't ignore babel config when publishing
fee0b7f Do not run linting as part of tests
fd04053 chore: update linting configuration
ad154b7 Merge pull request build(deps-dev): bump lint-staged from 10.5.4 to 12.0.3 in /ui #85 from ember-modifier/dependabot/npm_and_yarn/hosted-git-info-2.8.9
357c561 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.4 #79 from chriskrycho/fix-types
30125b5 Improve naming of `this` type in class modifier tests
8fb0e0b Types: make functional modifier contravariance-safe
8c47fe5 Types: fix strictness and add a failing test
4f418bb Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.8 #86 from nlfurniss/patch-1
dea1819 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.18 #100 from ember-modifier/fix-4.x
9f8604b Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.11 #91 from bertdeblock/rename-modifier-arguments-in-blueprints
0c75d0c Fix lint errors after upgrading to latest deps

See the full diff

Package name: ember-power-select

The new version differs by 147 commits.

ec05776 Add devDependency @ glint/template and bump some embroider packages
2641da2 v7.1.0
70fbc42 Merge pull request "Leader service" with DNS support hashicorp/consul#1584 from cibernox/update-to-ember-5-compatible-dropdown-component
e36b3e4 Update to ember-5 compatible ember-basic-dropdown
ce80e61 Merge pull request Please print logging about the domain the DNS is handling queries for. hashicorp/consul#1528 from betocantu93/patch-2
5903ff8 Merge pull request Adding singleton option to DNS for getaddrinfo bug. hashicorp/consul#1583 from evoactivity/ember-5-fix
087987a Ember 5 Fix
812b32f Merge pull request Specifying -ui without -ui-dir doesn't enable 301 redirect hashicorp/consul#1578 from tallarium/restrict-is-sliceable
90e8047 Merge pull request Adds a cautionary note about data fitting into RAM. hashicorp/consul#1581 from mkszepp/fix-test-model-depreactions
1408ca3 Convert test models to classes & fix ember 4.x deprecation (add async & inverse)
2f670fc restrict isSliceable to avoid slicing strings
c59808c Merge pull request Consul should handle nodes changing IP addresses hashicorp/consul#1580 from mkszepp/update-ember-to-4-12
8042571 Fix package lock & readd deprecation for ember 5
10cc812 Don't bump ember/string
d4020a7 Move ember string to dependencies
6f914d4 Fix package lock
faaa041 Update ember-qunit & @ ember/test-helpers
0fe1fc9 Remove @ ember/test-helpers from ember-try (was not helpful to fix)
4bcc6b1 Fix test & use @ ember/test-helpers v3 for ember-release, ember-beta & ember-canary test
54f6390 Update packages & nodejs for ci
7e93fca Merge pull request How best to comply with RFC3274 hashicorp/consul#1565 from alyne/wozny1989/fix-allow-to-pass-placeholder-component-in-multiple-select
ec8ccb7 fix lint issues
867b655 update package-lock.json
7a84cdc Merge branch 'master' into wozny1989/fix-allow-to-pass-placeholder-component-in-multiple-select

See the full diff

Package name: ember-power-select-with-create

The new version differs by 15 commits.

56a6e0d v2.0.0
06461a6 feat: upgrade ember power select version (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.43.1 #155)
f9a0748 Release 1.0.0
9df274b Update ember-power-select to 6.x (build(deps-dev): bump lint-staged from 10.5.4 to 12.3.2 in /ui #139)
f40db72 Add rwjblue release-it (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.43 #138)
7fcf4a1 Bump terser from 4.8.0 to 4.8.1 (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.40 #134)
2bf374e embroider-optimized support, powerSelectComponentName -> powerSelectComponent (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.42 #137)
b1569f8 Node >= 14, Ember >= 3.24 ([Snyk] Security upgrade next from 10.2.2 to 12.0.9 #136)
e1b8835 Update to Ember Power Select 5.0 (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.38 #130)
629a6ab Bump ini from 1.3.4 to 1.3.8 (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.26 #115)
2fc7e15 v0.9.1
b46b017 Restore suggestedOptionComponent argument. (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.30 #120)
b024628 Fix passing a custom triggerComponent to PowerSelectWithCreate (build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.42.29 #118)
dd730d6 v0.9.0
9fd5a4b Update to modern Octane and Glimmer (build(deps): bump github.com/shirou/gopsutil/v3 from 3.20.10 to 3.21.12 #114)

See the full diff

Package name: ember-qunit

The new version differs by 250 commits.

0da2dbf Release 5.0.0-beta.5
804014f Merge pull request 'consul lock' should recognize '--' to stop processing command line switches hashicorp/consul#776 from rohitpaulk/rohitpaulk/fix-qunit-fixture-position
40e89d6 Merge pull request Add Terraform Variable for AWS instance type hashicorp/consul#784 from emberjs/dependabot/npm_and_yarn/eslint-7.14.0
3058aeb Merge pull request web-ui doesn't support UTF-8 values in kv hashicorp/consul#783 from emberjs/dependabot/npm_and_yarn/qunit-2.13.0
4529bef Bump eslint from 7.12.1 to 7.14.0
6aa3ec0 Merge pull request Documentation unclear on how to associate tokens with policies hashicorp/consul#782 from emberjs/dependabot/npm_and_yarn/ember-load-initializers-2.1.2
80df30d Bump qunit from 2.11.3 to 2.13.0
9afa8e1 Merge pull request Website: substantial rewrite of intro/getting-started/join.html hashicorp/consul#785 from emberjs/dependabot/npm_and_yarn/ember/test-helpers-2.1.0
afa5970 Bump ember-load-initializers from 2.1.1 to 2.1.2
9d719e8 Merge pull request http service check fails every third request - causes service to flap hashicorp/consul#779 from emberjs/dependabot/npm_and_yarn/release-it-14.2.2
e504e0c Merge pull request Consul server/agent with unix socket http breaks 'consul watch' hashicorp/consul#778 from emberjs/dependabot/npm_and_yarn/ember-auto-import-1.7.0
7b407e5 Bump @ ember/test-helpers from 2.0.1 to 2.1.0
93ddbe4 Bump release-it from 14.2.1 to 14.2.2
f689524 Bump ember-auto-import from 1.6.0 to 1.7.0
a531c8d Override #qunit-fixture styling, place inside viewport
fbbe818 Merge pull request etcd vs consul hashicorp/consul#768 from emberjs/dependabot/npm_and_yarn/ember-cli-3.22.0
d802703 Merge pull request website: default health check is 'serfHealth' hashicorp/consul#763 from rohitpaulk/add-fullscreencontainer
b6de071 Bump ember-cli from 3.20.0 to 3.22.0
cf96808 Merge pull request Cant' build consul - make: *** [deps] Error 1 hashicorp/consul#774 from emberjs/dependabot/npm_and_yarn/ember-source-3.22.0
92d8b88 Merge pull request KV store does not maintain object content types hashicorp/consul#772 from emberjs/dependabot/npm_and_yarn/prettier-2.1.2
a38596a Merge pull request fix utm param hashicorp/consul#771 from emberjs/dependabot/npm_and_yarn/release-it-lerna-changelog-3.1.0
cdf739a Bump ember-source from 3.20.4 to 3.22.0
b0798dc Bump prettier from 2.0.5 to 2.1.2
b8280e4 Merge pull request make sure button text overflow is set to ellipsis hashicorp/consul#773 from emberjs/dependabot/npm_and_yarn/eslint-config-prettier-6.15.0

See the full diff

Package name: ember-sinon-qunit

The new version differs by 250 commits.

55885b6 Merge pull request Agent will not start on machines without a private ip since it won't bind to any ip available. hashicorp/consul#725 from elwayman02/dependabot/npm_and_yarn/eslint-plugin-ember-11.4.3
d54b9db [skip netlify]: Bump eslint-plugin-ember from 11.4.2 to 11.4.3
40319dc Merge pull request Support multiple recursor flag hashicorp/consul#724 from elwayman02/dependabot/npm_and_yarn/ember-source-4.10.0
baee766 Merge pull request Website: cleanup for getting-started/checks hashicorp/consul#722 from elwayman02/dependabot/npm_and_yarn/prettier-2.8.3
628a2b6 Merge pull request build(deps): bump github.com/aws/aws-sdk-go from 1.25.41 to 1.44.209 #500 from elwayman02/dependabot/npm_and_yarn/tmpl-1.0.5
b843b7d [skip netlify]: Bump prettier from 2.8.2 to 2.8.3
592081a [skip netlify]: Bump ember-source from 4.9.3 to 4.10.0
c2632dc Merge pull request Block until service/check sync is attempted from /v1/agent API's hashicorp/consul#723 from elwayman02/dependabot/npm_and_yarn/eslint-8.32.0
289e2a6 Merge pull request Add "version added" in the documentation hashicorp/consul#720 from elwayman02/dependabot/npm_and_yarn/qs-6.10.3
47c6702 [skip netlify]: Bump tmpl from 1.0.4 to 1.0.5
70d2a9b [skip netlify]: Bump eslint from 8.31.0 to 8.32.0
16c4997 [skip netlify]: Bump qs from 6.10.1 to 6.10.3
ead4a38 Merge pull request Better error message when datacenter is not configured correctly hashicorp/consul#727 from simonihmig/use-eai
25847dc Update README.md
5a72bc5 Make the addon inject the eai config
276946a Update Readme
c9af836 Use ember-auto-import instead of ember-sinon
1080a03 Merge pull request cant use atlas to start a cluster hashicorp/consul#728 from elwayman02/fix-linting
b4f8876 Fix Linting
aa3b0b3 Merge pull request New agent unable to join using old key, then can't join using current key hashicorp/consul#719 from elwayman02/ember-upgrade
0872337 Ember Upgrade via blueprint
85d3489 Merge pull request Confusing error when configuring encryption hashicorp/consul#718 from elwayman02/dependabot/npm_and_yarn/eslint-plugin-ember-11.4.2
fea5b42 [skip netlify]: Bump eslint-plugin-ember from 11.4.0 to 11.4.2
932649d Merge pull request Static ACL definitions hashicorp/consul#717 from elwayman02/dependabot/npm_and_yarn/eslint-config-prettier-8.6.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962463 - https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-JSON5-3182856 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/npm:clean-css:20180306

secure-code-warrior-for-github · 2023-11-28T21:53:43Z

Micro-Learning Topic: Regular expression denial of service (Detected by phrase)

Matched on "Regular Expression Denial of Service"

What is this? (2min video)

Denial of Service (DoS) attacks caused by Regular Expression which causes the system to hang or cause them to work very slowly when attacker sends a well-crafted input(exponentially related to input size).Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior

github-actions bot added the theme/ui label Nov 28, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 7 vulnerabilities #529

[Snyk] Fix for 7 vulnerabilities #529

ekmixon commented Nov 28, 2023

secure-code-warrior-for-github bot commented Nov 28, 2023

[Snyk] Fix for 7 vulnerabilities #529

Are you sure you want to change the base?

[Snyk] Fix for 7 vulnerabilities #529

Conversation

ekmixon commented Nov 28, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

secure-code-warrior-for-github bot commented Nov 28, 2023

Micro-Learning Topic: Regular expression denial of service (Detected by phrase)

Matched on "Regular Expression Denial of Service"

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

Try a challenge in Secure Code Warrior